Content Security Policy (CSP)
CSP is a great feature of modern browsers, and dappy supports it 100%. A major difference, though, is that web servers have no control over it: the CSP is not defined by the HTTP headers of the first top-level navigation request, nor by HTML meta tags.
CSP rules are defined at the name system level, making them rock solid and impossible to change by any MITM attack or server intrusion.
An example of a csp value in the configuration for a record mysite:
{
  "values": [
    ...,
    {
      "kind": "csp",
      "value": "default-src 'self' mysite; script-src https://mysite; img-src https://mysite https://mysecondsite"
    }
  ]
}
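Because the policy lives in the record rather than in a response header, it is worth checking the csp value before the record is published. The following is an added example, not dappy's own code: it assumes only the record shape shown above, and the function names, the list of risky sources and the sample records are constructed for illustration.

```javascript
// Added example: lint the "csp" value of a record before publishing it.
// The record shape ({ values: [{ kind, value }] }) is taken from the page;
// function names and the list of risky sources are assumptions of this example.
const RISKY_SOURCES = new Set(["'unsafe-inline'", "'unsafe-eval'", "*", "data:"]);

// Split a CSP string into a Map of directive name -> array of source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Per the CSP spec, a repeated directive is ignored; keep the first.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return a list of human-readable findings for a record object.
function lintRecordCsp(record) {
  const entries = (record.values || []).filter((v) => v.kind === "csp");
  if (entries.length === 0) return ["no csp value in record"];
  const findings = [];
  for (const entry of entries) {
    const directives = parseCsp(String(entry.value));
    // Without default-src, fetch directives that are not listed stay unrestricted.
    if (!directives.has("default-src")) findings.push("default-src is missing");
    for (const [name, sources] of directives) {
      for (const src of sources) {
        if (RISKY_SOURCES.has(src.toLowerCase())) findings.push(`${name} allows ${src}`);
      }
    }
  }
  return findings;
}

// Constructed sample records (not real dappy data).
const strictRecord = { values: [{ kind: "csp",
  value: "default-src 'self' mysite; script-src https://mysite; img-src https://mysite https://mysecondsite" }] };
const looseRecord = { values: [{ kind: "csp",
  value: "script-src https://mysite 'unsafe-inline'; img-src *" }] };

console.log(lintRecordCsp(strictRecord));
console.log(lintRecordCsp(looseRecord));
```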